Cross-Site Scripting (XSS)

illuminate/view is vulnerable to a Cross-site Scripting XSS. The vulnerability is due to inadequate input sanitization within blade templating, allowing attackers to inject malicious scripts into rendered views...

CVE-2023-2017 Improper Control of Generation of Code in Twig Rendered Views in Shopware

Server-side Template Injection SSTI in Shopware 6 = v6.4.20.0, v6.5.0.0-rc1 = v6.5.0.0-rc4, affecting both shopware/core and shopware/platform GitHub repositories, allows remote attackers with access to a Twig environment without the Sandbox extension to bypass the validation checks in...